<?php

/* 
 *	FalconKMS Login Manager
 *	Version: 2.0
 *	Author: Geoff Wilson (contact@gawilson.net)
*/

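/**
 * Count the rows in `kb_kill` recorded against a player.
 *
 * The identifier is placed inside a quoted SQL string literal, so it is
 * escaped first; the legacy mysql extension used by this file has no
 * prepared statements.
 *
 * @param mixed $playerID Player identifier to match against `kb_kill`.`playerID`.
 * @return mixed The COUNT value from the first result row, or false when the query fails.
 */
function getPlayerLossCount($playerID)
{
	// Escape before interpolation so a quote in the value cannot end the literal.
	$safePlayerID = mysql_real_escape_string((string) $playerID);
	$sql = "SELECT COUNT(`killID`) AS numberLosses FROM `kb_kill` WHERE `playerID` = '$safePlayerID'";

	$result = mysql_query($sql);
	if ($result === false)
	{
		// Query failed: do not hand a non-resource to mysql_result().
		return false;
	}

	return mysql_result($result, 0);
}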

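/**
 * Count the rows in `kb_involved` recorded against a player.
 *
 * The identifier is placed inside a quoted SQL string literal, so it is
 * escaped first; the legacy mysql extension used by this file has no
 * prepared statements.
 *
 * @param mixed $playerID Player identifier to match against `kb_involved`.`playerID`.
 * @return mixed The COUNT value from the first result row, or false when the query fails.
 */
function getPlayerKillCount($playerID)
{
	// Escape before interpolation so a quote in the value cannot end the literal.
	$safePlayerID = mysql_real_escape_string((string) $playerID);
	// The column alias still reads "numberLosses"; the value is fetched by
	// position below, so the alias does not affect the result.
	$sql = "SELECT COUNT(`involvedID`) AS numberLosses FROM `kb_involved` WHERE `playerID` = '$safePlayerID'";

	$result = mysql_query($sql);
	if ($result === false)
	{
		// Query failed: do not hand a non-resource to mysql_result().
		return false;
	}

	return mysql_result($result, 0);
}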

// A session and the default prompt text are only set up when the killboard
// configuration enables logins. $killboardSettings is defined outside this
// file's visible code.
// NOTE(review): session cookie flags (HttpOnly/Secure) are whatever php.ini
// provides; nothing here sets them - confirm the deployment configuration.
if (1 == $killboardSettings['allowLogins'])
{
    session_start();
    $loginMessage = "Login";
}
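// Handle a submitted login form: look the player up by name, compare the
// stored password hash, and populate the session on success.
// NOTE(review): this runs whether or not the allowLogins setting started a
// session above - confirm that is intended.
if (isset($_POST['login']))
{
    // Accept only non-empty string fields; a missing field or an array value
    // (e.g. username[]=x) is treated as an absent credential.
    $playerName = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : NULL;
    $playerPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : NULL;

    // Authenticate the login
    if (($playerName !== NULL) && ($playerName !== '') && ($playerPassword !== NULL) && ($playerPassword !== ''))
    {
        // NOTE(review): stored hashes are unsalted SHA-1, which is not a
        // password-hashing function. Moving to password_hash()/password_verify()
        // needs the stored values re-hashed, so it is not changed here.
        $playerPassword = sha1($playerPassword); // hash the password

        // The name comes straight from the request and is placed in a quoted
        // SQL literal, so escape it before building the query.
        $safePlayerName = mysql_real_escape_string($playerName);
        $sql = "SELECT * FROM `kb_player` WHERE `playerName` = '$safePlayerName'";
        $queryResult = mysql_query($sql);

        if (($queryResult === false) || (mysql_num_rows($queryResult) == 0))
        {
            // Query failed or no such player
            $loginMessage = ("Login Credentials Incorrect");
        }
        else
        {
            $userDetails = mysql_fetch_array($queryResult);
            $storedHash = (string) $userDetails['password'];

            // Compare as strings: a loose == treats two numeric-looking hex
            // digests as numbers. Use the constant-time comparison when the
            // running PHP version provides it.
            if (function_exists('hash_equals'))
            {
                $passwordMatches = hash_equals($storedHash, $playerPassword);
            }
            else
            {
                $passwordMatches = ($storedHash === $playerPassword);
            }

            if ($passwordMatches)
            {
                // Issue a fresh session ID on privilege change so an ID that
                // was set before authentication is not carried into the
                // logged-in session.
                if (session_id() !== '')
                {
                    session_regenerate_id(true);
                }

                // Setup Login Session
                $_SESSION['activePlayer'] = $playerName;
                $_SESSION['activeID'] = $userDetails['playerID'];
                $_SESSION['loggedIn'] = 1;
                $_SESSION['iskDest'] = $userDetails['killPoints'];
                $_SESSION['iskLost'] = $userDetails['lossPoints'];

                // Temporary Placeholder Values Only
                // NOTE(review): permissions cached here are not refreshed if
                // they change in the database during the session.
                $_SESSION['canPost'] = $userDetails['canPost'];
                $_SESSION['canAdmin'] = $userDetails['canAdmin'];
            }
            else
            {
                // Same message as the unknown-player case, so the response
                // does not reveal which part was wrong.
                $loginMessage = ("Login Credentials Incorrect");
            }
        }
    }
    else
    {
        $loginMessage = ("Login Credentials Incorrect");
    }
}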


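// Render either the logged-in summary panel (or process a logout request),
// or the login form when no authenticated session exists.
if (isset($_SESSION['loggedIn']))
{

    if (isset($_GET['logout']))
    {
        // NOTE(review): logout is triggered by a plain GET parameter, so a
        // third-party page can force it; consider a POST with a CSRF token.
        $_SESSION = array();
        if (isset($_COOKIE[session_name()]))
        {
            // Expire the cookie with the same attributes it was issued with;
            // a mismatched path or domain leaves the old cookie in the browser.
            $cookieParams = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time()-42000,
                $cookieParams['path'],
                $cookieParams['domain'],
                $cookieParams['secure'],
                $cookieParams['httponly']
            );
        }

        session_destroy();

        echo("Logged Out");

    }
    else
    {
        $playerLosses = getPlayerLossCount($_SESSION['activeID']);
        $playerKills = getPlayerKillCount($_SESSION['activeID']);
        $playerImage = $_SESSION['activeID'];

        // presumably activeID is a numeric key from kb_player; it is used as a
        // file name here - verify it can never contain path separators.
        if (!(file_exists("people/". $playerImage . ".png")))
        {
            $playerImage = "noImage";
        }

        // Everything below lands in HTML, so encode each value for the
        // context it is written into. activePlayer is the name typed into the
        // login form, not a server-generated value.
        $playerImageAttr = htmlspecialchars($playerImage, ENT_QUOTES, 'UTF-8');
        $playerLinkAttr = htmlspecialchars(urlencode($_SESSION['activeID']), ENT_QUOTES, 'UTF-8');
        $playerNameHtml = htmlspecialchars($_SESSION['activePlayer'], ENT_QUOTES, 'UTF-8');
        $playerKillsHtml = htmlspecialchars((string) $playerKills, ENT_QUOTES, 'UTF-8');
        $playerLossesHtml = htmlspecialchars((string) $playerLosses, ENT_QUOTES, 'UTF-8');
?>
    <table>
        <tr>
            <td rowspan="3"><img class="shipImage" src="people/<?php echo($playerImageAttr);?>.png" /></td>
            <td>Logged in as: <b><a href="pkills.php?id=<?php echo($playerLinkAttr);?>"><?php echo($playerNameHtml);?></a></b> - <a href="?logout=true">log out</a></td>
        </tr>
        <tr>
            <td><b>kills:</b> <?php echo($playerKillsHtml);?> <b>losses:</b> <?php echo($playerLossesHtml);?></td>
        </tr>
        <tr>
            <td><b>destroyed:</b><span style="color:#006600"><?php echo(number_format($_SESSION['iskDest']));?> ISK</span> <b>lost:</b> <span style="color:#FF0000"><?php echo(number_format($_SESSION['iskLost']));?> ISK</span></td>
        </tr>
    </table>

<?php
    }
}
else
{
     drawLoginBox();
}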

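/**
 * Print the login form, posting back to the current script and query string,
 * followed by the current login status message.
 *
 * The form target is built from request-controlled server variables and is
 * HTML-encoded before being written into the action attribute.
 *
 * @return void
 */
function drawLoginBox()
{
    // $loginMessage is assigned at file scope; without this declaration the
    // function sees an undefined local and the message cell is always empty.
    // Assumes this file is included at global scope - TODO confirm.
    global $loginMessage;

    // PHP_SELF and QUERY_STRING both reflect the requested URL, so encode
    // them for the attribute context instead of echoing them raw.
    $formAction = htmlspecialchars($_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
    $messageHtml = isset($loginMessage) ? htmlspecialchars($loginMessage, ENT_QUOTES, 'UTF-8') : '';
    ?>
    <table>
        <form id="form1" name="loginform" method="post" action="<?php echo($formAction);?>">
        <tr>
            <td>Name:</td>
            <td><input class="text-box" type="text" name="username" /></td>
            <td>Password:</td>
            <td><input class="text-box" type="password" name="password" /></td>
            <td><input type="submit" value="Login" name="login" /></td>
            <td style="color:#FF0000; font-style:italic;"><?php echo($messageHtml);?></td>
        </tr>
        </form>
    </table>
<?php
}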
?>